IPSec set up IPSec
WAN settings
Go to System > Network Setting > WAN Setting
WAN Setting Local endpoint (Site A) Remote endpoint (Site B)
WAN Link
1 1
WAN Type
Routing Mode Routing Mode
WAN Port
Port1 Port1
IPv4 Localhost IP
10.10.10.10 20.20.20.20
IPv4 Netmask
255.255.255.0 255.255.255.0
IPv4 Default Gateway
10.10.10.254 20.20.20.254
For the details of WAN link setting, see "Configurations for a WAN link in Routing Mode", "Configurations for a WAN
link in Bridge Mode: One Static IP" and "Configurations for a WAN link in Bridge Mode: Multiple Static IP".
LAN private subnets
Go to System > Network Setting > LAN Private Subnet
LAN Private Subnet Local endpoint (Site A) Remote endpoint (Site B)
IP(s) on Localhost
192.168.10.254 192.168.100.254
Netmask
255.255.255.0 255.255.255.0
LAN Port
Port3 Port3
For the details of LAN private subnet setting, see "LAN Private Subnet".
Define Auto Routing policies for IKE negotiation and IPSec communication packets
For IKE negotiation packets
Packets of IKE negotiation are generated by FortiWAN itself (source and destination IP address of the packets is
respectively the Local IP and Remote IP of Phase 1 configuration), therefor the Source and Destination of the Auto
Routing filter for IKE negotiation must be configured with the Local IP and Remote IP (the IP address of WAN port of
two FortiWAN units). Remember that the IPSec SAs are established on the WAN port of both the two FortiWANs.
Go to Service > Auto Routing
You need add a new policy to Policies of Auto Routing like:.
FortiWAN Handbook
Fortinet Technologies Inc.
199
To Next Page
Loading...
